General

  • Target: ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118
  • Size: 2.8MB
  • Sample: 240819-rak58a1erq
  • MD5: ab4ce4283b57b4f2ef0ceb3d733af766
  • SHA1: 2690ebf503345a00c602fd44047af3d515444755
  • SHA256: 1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3
  • SHA512: a4dda505f83fa1e441d21dcc523b85e4af438d3d9fa3b47f4909cf067b7efe0535d3ef46a3fe697d3f4567232ef554dcd0889582f707ac8928048d5ae953aa14
  • SSDEEP: 49152:R9nF6xj1T/jb6wB7GCIIK8/8l9C3gNxnrApBpc4qM/bZ+YAuewvEZjwtKrIL2u11:R9Qd1T/XBKCIIK8/w0gDA5c43/t+Y5nL

Score: 7/10

Malware Config

Targets

    • Target: ab4ce4283b57b4f2ef0ceb3d733af766_JaffaCakes118
    • Size: 2.8MB
    • MD5: ab4ce4283b57b4f2ef0ceb3d733af766
    • SHA1: 2690ebf503345a00c602fd44047af3d515444755
    • SHA256: 1a1636b5c9f7d8026ef4c41c7f1af957a7746370e962c4599a216e2b93c99db3
    • SHA512: a4dda505f83fa1e441d21dcc523b85e4af438d3d9fa3b47f4909cf067b7efe0535d3ef46a3fe697d3f4567232ef554dcd0889582f707ac8928048d5ae953aa14
    • SSDEEP: 49152:R9nF6xj1T/jb6wB7GCIIK8/8l9C3gNxnrApBpc4qM/bZ+YAuewvEZjwtKrIL2u11:R9Qd1T/XBKCIIK8/w0gDA5c43/t+Y5nL

    Score: 7/10

      • Loads dropped DLL

    • Target: $PLUGINSDIR/InstallOptions.dll
    • Size: 12KB
    • MD5: 1d5c649dde35003a618b9679d5d71b92
    • SHA1: 0409bbab3ab34f8c01289cdd847b4d1a32d05b18
    • SHA256: 0f4d3cee24e3f310fa804983c931d3628613988a24f0be7854f63a9309b8e45f
    • SHA512: b432ebcc52905662d61a3f17e08e209a3f9d836a9071b3b5e80070af7ebcf34cf66c44426dda041c2a258fda4787e5692e2b35acbcd73288fb84fe3c977bbfd9
    • SSDEEP: 384:pKlm7i+c3QW6ckPhyDEaLnA2bbBBIXwZ:8qi8BcyhEhLBbbTI

    Score: 3/10

    • Target: $PLUGINSDIR/StartMenu.dll
    • Size: 6KB
    • MD5: 5aae8598d8b53bcec81d8e8c8a6732f9
    • SHA1: d071fcc74a107c7d7bc5a493d305b00976b07464
    • SHA256: be3f03c07be54354b8a9a30a8c0ac384f43c245c9b95ed1025549c76642f3fb4
    • SHA512: d20af152b9d1903cd9cd0ff584f14f95ee69cd7149c9ef9369257d08659d1a7ab5860055b39ebd0ead67cfc31da2571175623a5676116ce999acea2b7a643c1d
    • SSDEEP: 96:VLJdRZk8OkmE+WHw0FMXF6CWhFxKpKsBQhEfP0:VLjPk8OT30FFAmCP0

    Score: 3/10

    • Target: $PLUGINSDIR/System.dll
    • Size: 10KB
    • MD5: 4eff5fafd746f5decb93a44e3a3d570c
    • SHA1: a11aa7681b7e2df1c7f7492a127d332d1495ea8a
    • SHA256: cf61ddd15d63c25a12caee70f51ea736cfc02195c42e56ee01b33f689d3754c5
    • SHA512: cde82d2a1f28506e4c2264f6b82017a00af32f138ebcdbaf4cc58463870fa626f708aa57465294c5a6f096c886841e7b9112b85bf3ea2f1d8f2da816b51b2d72
    • SSDEEP: 192:0OycJo/rJVCmIDNLU0dq5RD00lspbub76yL:6/QQ0d0RD0USq/6y

    Score: 3/10

    • Target: SpyFalcon.exe
    • Size: 1.7MB
    • MD5: efc3899410403e713bf3c78a27257a9b
    • SHA1: 041f7d356243a91f5413c9fad2ce892c07664b7f
    • SHA256: ba8f2bd07232667d168f07c39d79f2ce2681dce65ff1e6df8a9b33477ca6cae2
    • SHA512: 4e4aa36c70cec801cfb4996481fcfa24c7e021212d9e771fb4c655918d3a650d39217a20e7bdec74b7422136a4f74d42eab66152bcf69da17bbe36cbc45fa4ca
    • SSDEEP: 24576:pZlJVQgy+nI9oQ0WaB63j/I/OfyptviekjjW7cqstIWET5TbqWg/Pf+:pJDs0Wk2fyptvieO4Yt2Thql/3+

    Score: 7/10

      • Checks BIOS information in registry

        BIOS information is often read in order to detect sandboxing environments.

      • Suspicious use of SetThreadContext

    • Target: msvcp71.dll
    • Size: 488KB
    • MD5: 561fa2abb31dfa8fab762145f81667c2
    • SHA1: c8ccb04eedac821a13fae314a2435192860c72b8
    • SHA256: df96156f6a548fd6fe5672918de5ae4509d3c810a57bffd2a91de45a3ed5b23b
    • SHA512: 7d960aa8e3cce22d63a6723d7f00c195de7de83b877eca126e339e2d8cc9859e813e05c5c0a5671a75bb717243e9295fd13e5e17d8c6660eb59f5baee63a7c43
    • SSDEEP: 12288:fJzxYPVsBnxO/R7krZhUgiW6QR7t5k3Ooc8iHkC2eq:fZxvBnxOJ7ki3Ooc8iHkC2e

    Score: 3/10

    • Target: msvcr71.dll
    • Size: 340KB
    • MD5: 86f1895ae8c5e8b17d99ece768a70732
    • SHA1: d5502a1d00787d68f548ddeebbde1eca5e2b38ca
    • SHA256: 8094af5ee310714caebccaeee7769ffb08048503ba478b879edfef5f1a24fefe
    • SHA512: 3b7ce2b67056b6e005472b73447d2226677a8cadae70428873f7efa5ed11a3b3dbf6b1a42c5b05b1f2b1d8e06ff50dfc6532f043af8452ed87687eefbf1791da
    • SSDEEP: 6144:OcV9z83OtqxnEYmt3NEnvfF+Tbmbw6An8FMciFMNrb3YgxxpbCAOxO2ElvlE:Ooz83OtIEzW+/m/AyF7bCrO/E

    Score: 3/10

    • Target: uninst.exe
    • Size: 40KB
    • MD5: ad651966f1792c370887a6fe5c10e730
    • SHA1: 9cdc8e57675b97b29fbb1496dbc325ca10a17562
    • SHA256: 039d7061fdae17ad7f6ec882b3b7831f8baba1a8f179f4e023922fa0f4758e1b
    • SHA512: a7064640f660249fe5fa50768cf9f11e8ceb8b3ac27b49d68dfcb15e2e2c296596aa3221af382dde88fc45efc8504ca7fe94ac5f9211cb1181eb1aec2fedc3a1
    • SSDEEP: 768:LMEFP4CyxRyQR4Dk1b+/JwwXVPYwitff/ff6FS6sekJhCEy8HSVm8sXwBtr:FPJc2WCMNv0kJe8HSVm8Gur

    Score: 7/10

      • Executes dropped EXE

      • Loads dropped DLL

    • Target: $PLUGINSDIR/LangDLL.dll
    • Size: 5KB
    • MD5: 462dc0d8abebaa425c7808e696ad5a4d
    • SHA1: db041b23fa77e1658d6c113fa73f4692a9168979
    • SHA256: faf49e3e51562992570a1b468b18bd6c2c0f9fc2904e3136ca7aaf2a12ad9ac0
    • SHA512: d1b77873251fa438f8fbebcd94820ba18c236d7f2ac4be85ae503fe6cac90544f889ef4facbca6f8b09c99c7f610a2d0a8aaa88505fce6df1f9b7d8b5eba3f83
    • SSDEEP: 48:SHHPtcWCeM7etAo1UurdGl4A0h2TpXHWFv+wewzpv1XP3GhaEJ0of2ynh1:q1cWxfzrrh2cFvWwFtSj

    Score: 3/10

MITRE ATT&CK Enterprise v15

Tasks